nano /etc/grafana/grafana.ini

# Defaults to false, but set to true to enable this feature
enabled = true
# HTTP Header name that will contain the username or email
header_name = X-authentik-username
# HTTP Header property, defaults to `username` but can also be `email`
header_property = username
# Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`.
auto_sign_up = false
# Define cache time to live in minutes
# If combined with Grafana LDAP integration it is also the sync interval
sync_ttl = 60
# Limit where auth proxy requests come from by configuring a list of IP addresses.
# This can be used to prevent users spoofing the X-WEBAUTH-USER header.
# Example `whitelist =,, 2001::23, 2001::0/120`
whitelist =
# Optionally define more headers to sync other user attributes
headers = Name:X-authentik-name Groups:X-authentik-groups Email:X-authentik-email
# Check out docs on this for more details on the below setting
enable_login_token = false

# Makes logout terminate the proxy session
signout_redirect_url = /akprox/sign_out